Hi Gurus
I am a novice - just so you know.
is there a smarter way to write:
$keywords = str_replace("'", "",$keywords);
$keywords = str_replace('"', '',$keywords);
$keywords = str_replace('`', '',$keywords);
$keywords = str_replace('(', '',$keywords);
$keywords = str_replace(')', '',$keywords);
$keywords = str_replace('.', '',$keywords);
I basically only want A-Z, a-z and 0-9 in my keyword string as it has to go
in SQL i.e.
'Select * from a where a.description LIKE '%$keywords%'
TIA
- Nicolaas
TIA
- Nicolaas 7 8676
WindAndWaves wrote: I basically only want A-Z, a-z and 0-9 in my keyword string as it has to go in SQL i.e.
Try this:
$out = eregi_replace("[^[:alnum:]]", "", $in);
WindAndWaves <ac****@ngaru.com> wrote: is there a smarter way to write:
$keywords = str_replace("'", "",$keywords);
[4 lines] $keywords = str_replace('.', '',$keywords);
Of you want to replace all chars to one char:
$arrOfChars=array("'", .... ,".");
$keywords=str_replace($arrOfChars,'',$keywords);
Also possible: str_replace($arrFrom, $arrTo, $line);
I basically only want A-Z, a-z and 0-9 in my keyword string as it has to go in SQL i.e.
'Select * from a where a.description LIKE '%$keywords%'
Properly escaping $keywords should always be done, what that exactly is
depends on the actual database.
"Daniel Tryba" <sp**@tryba.invalid> wrote in message
news:41**********************@news6.xs4all.nl... Properly escaping $keywords should always be done, what that exactly is depends on the actual database.
Can you explain to me what that means... sorry - but I am a complete novice.
Thank you.
WindAndWaves wrote: "Daniel Tryba" <sp**@tryba.invalid> wrote in message news:41**********************@news6.xs4all.nl...
Properly escaping $keywords should always be done, what that exactly is depends on the actual database.
Can you explain to me what that means... sorry - but I am a complete novice.
Thank you.
I believe what Daniel is saying is, if you want to replace a whole list
of characters with a single character (or no character), you can create
an array (which is a kind of list) of the bad characters you want to
replace:
$bad_chars = array("'", "\"", "`", "(", ")", ".");
and then using the str_replace function replace them all at once:
$keywords = str_replace($bad_chars, '', $keywords);
NM
--
convert uppercase WORDS to single keystrokes to reply
WindAndWaves <ac****@ngaru.com> wrote: Properly escaping $keywords should always be done, what that exactly is depends on the actual database.
Can you explain to me what that means... sorry - but I am a complete novice.
For eg mysql the character that have to be escape (according to http://nl3.php.net/manual/en/functio...ape-string.php) are:
NULL, \x00, \n, \r, \, ', " and \x1a.
Escaping in mysql is done by prepending a \: 'It\'s'
Other database engines are know to sometimes use ' to escape a literal '.
(so ' in a string should be transformed to 'It''s')
But the point I actually was trying to say: although you might want
constraints on the input to the database (eg only A-z and 0-9 (for which
the already mentioned regular expression is a prefect solution)) you
should _always be very sure_ that the string is escaped before
inserting.
For example:
mysql_query("insert into foo values ('".mysql_escape_string($keywords)."')");
"Daniel Tryba" <sp**@tryba.invalid> wrote in message
news:41**********************@news6.xs4all.nl... WindAndWaves <ac****@ngaru.com> wrote: Properly escaping $keywords should always be done, what that exactly is depends on the actual database.
Can you explain to me what that means... sorry - but I am a complete
novice.
For eg mysql the character that have to be escape (according to http://nl3.php.net/manual/en/functio...ape-string.php) are: NULL, \x00, \n, \r, \, ', " and \x1a. Escaping in mysql is done by prepending a \: 'It\'s'
Other database engines are know to sometimes use ' to escape a literal '. (so ' in a string should be transformed to 'It''s')
But the point I actually was trying to say: although you might want constraints on the input to the database (eg only A-z and 0-9 (for which the already mentioned regular expression is a prefect solution)) you should _always be very sure_ that the string is escaped before inserting.
For example: mysql_query("insert into foo values
('".mysql_escape_string($keywords)."')");
I agree, but I see that NULL is still to be ascaped if I only do A-z 0-9.
Do you think it still matters even if it is like, for example,
.... where `des`= 'test NULL'
or something along those lines.
Thanks
- Nicolaas
"WindAndWaves" <ac****@ngaru.com> wrote in message
news:CO*******************@news.xtra.co.nz... Hi Gurus
I am a novice - just so you know.
is there a smarter way to write:
$keywords = str_replace("'", "",$keywords); $keywords = str_replace('"', '',$keywords); $keywords = str_replace('`', '',$keywords); $keywords = str_replace('(', '',$keywords); $keywords = str_replace(')', '',$keywords); $keywords = str_replace('.', '',$keywords);
I basically only want A-Z, a-z and 0-9 in my keyword string as it has to
go in SQL i.e.
'Select * from a where a.description LIKE '%$keywords%'
Regexp is the obvious choice here as other have suggested. If that seems too
opaque, use strtr(), which does multiple find and replace on a string
$replacement_table = array(
'"' => '',
')' => '',
'(' => ''
);
$keywords = strtr($keywords, $replacement_table); This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Martin Goldman |
last post by:
Hello all,
I've been struggling for a few days with the question of how to convert
"smart" (curly) quotes into straight quotes. I tried playing with the
htmlentities() function, but all that is...
|
by: Ron |
last post by:
Hello, I'm having an aggravating time getting the "html" spewed by Word
2003 to display correctly in a webpage.
The situation here is that the people creating the documents only know
Word, and...
|
by: n2xssvv g02gfr12930 |
last post by:
Does anybody know of a smart pointer that supports 'operator->*'.
As yet I've always had to use this type of expression ((*sp).*pFnc)()
where
sp .... Smart pointer to Obj
pFnc .. Member...
|
by: HM |
last post by:
Hi,
I have an existing web application in ASP/VB which uses OCX controls. I want
to replace them with a Smart client solution, but I do not want to change the
whole application at the first go....
|
by: Ian Rastall |
last post by:
I've been working on an online books site for almost four years now,
and have been putting smart quotes in each book. This is a major
hassle, and I'm beginning to think it's not worth it.
Is...
|
by: Sean S - Perth, WA |
last post by:
Hi all,
I'm wondering if there is a way to find (to strip or process) smart quotes
in text submitted via a form?
These don't work:
strOutput = Replace(strOutput, "“", "“") ' left...
|
by: coolami4u |
last post by:
I need a program that simulates the search-and-replace operation in a text editor. The program is to have only three function calls in main. The first function prompts the user to type a string of...
|
by: Adrian Smith |
last post by:
Can anyone tell me how to get rid of smart quotes in html using
Python? I've tried variations on
stuff = string.replace(stuff, "\“", "\""), but to no avail, presumably
because they're not standard...
|
by: CloudSolutions |
last post by:
Introduction:
For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
|
by: Faith0G |
last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome former...
|
by: ryjfgjl |
last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
| |